A syntactic approach to type soundness
Information and Computation
Role-Based Access Control Models
Computer
Role templates for content-based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Ownership types for flexible alias protection
Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Supporting relationships in access control using role based access control
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Integrating functional and imperative programming
LFP '86 Proceedings of the 1986 ACM conference on LISP and functional programming
Typed memory management via static capabilities
ACM Transactions on Programming Languages and Systems (TOPLAS)
Featherweight Java: a minimal core calculus for Java and GJ
ACM Transactions on Programming Languages and Systems (TOPLAS)
Types and programming languages
Types and programming languages
Providing Fine-grained Access Control for Java Programs
ECOOP '99 Proceedings of the 13th European Conference on Object-Oriented Programming
Access Control in a Virtual University
WETICE '99 Proceedings of the 8th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
Cassandra: Distributed Access Control Policies with Tunable Expressiveness
POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Extending query rewriting techniques for fine-grained access control
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
A framework for implementing pluggable type systems
Proceedings of the 21st annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
When Role Models Have Flaws: Static Validation of Enterprise Security Policies
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Privacy and Utility in Business Processes
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Constrained types for object-oriented languages
Proceedings of the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications
A formal framework for reflective database access control policies
Proceedings of the 15th ACM conference on Computer and communications security
ROAC: a role-oriented access control model
WISTP'12 Proceedings of the 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosystems
A unified attribute-based access control model covering DAC, MAC and RBAC
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Declarative access policies based on objects, relationships, and states
Proceedings of the 3rd annual conference on Systems, programming, and applications: software for humanity
RABAC: role-centric attribute-based access control
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Towards Security Assurance in Round-Trip Engineering: A Type-Based Approach
Electronic Notes in Theoretical Computer Science (ENTCS)
| Hi-index | 0.00 |
Role-based access control (RBAC) is a common paradigm to ensure that users have sufficient rights to perform various system operations. In many cases though, traditional RBAC does not easily express application-level security requirements. For instance, in a medical records system it is difficult to express that doctors should only update the records of their own patients. Further, traditional RBAC frameworks like Java's Enterprise Edition rely solely on dynamic checks, which makes application code fragile and difficult to ensure correct. We introduce Object-sensitive RBAC (ORBAC), a generalized RBAC model for object-oriented languages. ORBAC resolves the expressiveness limitations of RBAC by allowing roles to be parameterized by properties of the business objects being manipulated. We formalize and prove sound a dependent type system that statically validates a program's conformance to an ORBAC policy. We have implemented our type system for Java and have used it to validate fine-grained access control in the OpenMRS medical records system.